Set Color Mode

Generate Signature


Use case

There are two use kind of signature to be generated, one is to obtain access token, and another is for transaction. Signature for B2B Access Token is encrypted in an asymmetrically way, while for transaction signature is encrypted in a symmetrically way.

Generate Signature To Obtain Access Token (B2B)

You can find the required structure of the string to be encrypted as below:

<X-CLIENT-KEY> | <X-TIMESTAMP> (on ISO8601 format)

which then signed using SHA256withRSA with Private/Public Key pair merchant has generated.

Example: merchant_client_key|2024-05-13T14:53:06.991+07:00

Final Result: X-Signature: aw3o6HM68vJDLO4nxAPgK0it5nd6zik3bUgMzqLiTrIB7w1QbnCLDo/IMVjaYsbPk9s=

Generate Signature For Transaction API

You can find the required structure of the string to be encrypted as below:

<HTTP METHOD> + ":" + <RELATIVE PATH URL> + ":" + <B2B ACCESS TOKEN> + ":" + LowerCase(HexEncode(SHA-256(Minify(<HTTP BODY>)))) + ":" + <X-TIMESTAMP>

which then encrypted using HMAC-SHA512 with merchant's Secret Key that Durianpay give.

Example: POST:/v1.0/balance-inquiry:eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJEdXJpYW4gTW9uZXkiLC :f806c49e8cd175aa9dd5dd8e0a49648c885954d:2024-05-13T15:07:07+07:00

Final Result: X-Signature: tnNHFw5ZCWjnHFd9UGAB5iDLuwo+89efml8F1CP8vaqut/PfNWac/XLiCkLt3zGHTppZKPxz/PPptqM2alsOFA==

Go to next section to see what B2B Access Token is and how to generate it